Topic-specific policies
ISO/IEC TR 27109

Search this site

ISMS templates

< Previous standard      ^ Up a level ^      Next standard >


ISO/IEC TR 27109 — Information security, cybersecurity and privacy protection — Cybersecurity education (DRAFT)



“This preliminary work item is considering the development of a technical report on cyber education.”
[Source: SC27 Standing Document 11 (2021)]




Scope of the standard



Content of the standard

The preliminary draft and comments thereon suggest this standard may:

  • Cover cybersecurity awareness, training and education;
  • List/mention applicable national guidance, strategies or regulations.



Despite having an ISO27k number already, this is currently a Preliminary Work Item - essentially a standards project proposal, under discussion within SC 27.

The project is destined to produce a Technical Report.

An initial document has been approved within SC 27, so this standards project is likely to proceed.


Personal notes

It would be good if this standard clarified the meaning of ‘cyber’ in order to educate those using the term. Fat chance!

The standard may complement ISO/IEC 27021 concerning competencies required of ISMS  professionals.

If national requirements are listed, the details would need to be collated and managed indefinitely, implying a stream of maintenance updates to keep the standard reasonably accurate and current. Why is such an approach even being considered? Other international standards don’t usually attempt to list national aspects except perhaps as examples.



< Previous standard      ^ Up a level ^      Next standard >

Copyright © 2021 IsecT Ltd.